From 4c132e3c8d4858ecbd529d69bfc4d8137dedd851 Mon Sep 17 00:00:00 2001 From: Michael Santos Date: Sun, 17 Jun 2018 10:01:44 -0400 Subject: [PATCH] config: segfault parsing invalid sni/alpn Check return value of config_setting_get_string_elem() for error before passing the result to strlen(): ~~~ segfault.conf protocols: ( { name: "tls"; host: "localhost"; port: "8443"; sni_hostnames: [ 0 ]; } ); ~~~ --- sslh-main.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/sslh-main.c b/sslh-main.c index b2cabed..f0ec9dd 100644 --- a/sslh-main.c +++ b/sslh-main.c @@ -235,7 +235,7 @@ static void setup_regex_probe(struct proto *p, config_setting_t* probes) static void setup_sni_alpn_list(struct proto *p, config_setting_t* config_items, const char* name, int alpn) { int num_probes, i, max_server_name_len, server_name_len; - const char * config_item; + const char * config_item, *server_name; char** sni_hostname_list; num_probes = config_setting_length(config_items); @@ -246,7 +246,12 @@ static void setup_sni_alpn_list(struct proto *p, config_setting_t* config_items, max_server_name_len = 0; for (i = 0; i < num_probes; i++) { - server_name_len = strlen(config_setting_get_string_elem(config_items, i)); + server_name = config_setting_get_string_elem(config_items, i); + if (server_name == NULL) { + fprintf(stderr, "%s: invalid %s specified\n", p->description, name); + exit(1); + } + server_name_len = strlen(server_name); if(server_name_len > max_server_name_len) max_server_name_len = server_name_len; }